Windows 10 Creators Update - Security Breach Found (or feature...)
-
Windows 10 Creators Update - Security Breach Found (or feature...)
Call this a feature if you want, but it's a terrible one..
Things you'll need setup to reproduce the issue:
- Windows 10, Version 1703, OS Build - 15063.296
- A PIN/Password code login
- Display timeout of 1 minute
By pressing the Windows Key, search 'power plan' and select Edit Power Plan.Set 'Turn off the display' after 1 minute.
How to replicate the issue:
Firstly, lock your PC with CTRL + L on your keyboard to confirm that when you slide the lockscreen up, it prompts you to enter a PIN/Password.
If that works fine, then try to do this step and replicate the issue I'm having.
Let your PC lock after 1min, don't touch anything.
If it blacks out, wake the screen but stay on the lockscreen.
Now, slide the lockscreen up by pressing any key and it should promp-..... it's probably taken you straight into the computer without asking for any PIN/Passcode.
Solution:
Call up Microsoft/live chat to Microsoft and allow them to Remote Desktop into your PC only to make them realize that they can't do anything. They kept telling me the update wasn't the issue and to roll back..
It's happened on my Home PC and now my recently updated Work PC. So it's not a coincidence, this is ridiculous and Microsoft should know better.
All in all, there is no solution. Stay on the Anniversary Update or previous builds.
Let me know your results.
(glad to be a part of the community)
###############UPDATE##################
Solution provided by Edwin
"You'll need to use Screen Saver settings to enable that security feature."
Last edited by AsadP; 23 May 2017 at 05:54.
-
-
Turning the display off isn't the same as locking your PC.
Consider a desktop.. say you switch the monitor off, then switch it back on again. Would you expect to have to log in?
(I don't use a PIN though so can't compare- but I do use the AU).
-
Turning the display off isn't the same as locking your PC.
Consider a desktop.. say you switch the monitor off, then switch it back on again. Would you expect to have to log in?
(I don't use a PIN though so can't compare- but I do use the AU).
Of course turning the display off isn't the same as locking but what if you forget to lock your device and want the PC to lock after the display turns off?
This used to work perfectly fine in the previous builds as mentioned, namely the Anniversary Update.
Thanks for your input.
-
-
There has always been a delay in the requirement for a password, (or now pin), entry in windows after the Screen timeout activates. it's there to allow users to return to their work if the timeout occurs at an inconvenient time, This often happens in business when a user is reviewing a document, and has the timeout set to a low number and the require Password on wakeup is set.
It used to be 30 secs IIRC but I could be wrong as my memory is no longer foolproof. (I still know all the stuff I used to but there's lots of junk stacked on top of it )
Incidentally there is also a delay built into the wake-up of a system in sleep or hibernation, which can be caused by a mouse vibration, if no activity occurs in a set time, (3 Mins?), the system will go back to sleep /hibernation - This delay did have an entry in the registry so could be adjusted on systems that are prone to this issue but not sure if there is a similar option for the password requirement delay
-
There has always been a delay in the requirement for a password, (or now pin), entry in windows after the Screen timeout activates. it's there to allow users to return to their work if the timeout occurs at an inconvenient time, This often happens in business when a user is reviewing a document, and has the timeout set to a low number and the require Password on wakeup is set.
It used to be 30 secs IIRC but I could be wrong as my memory is no longer foolproof. (I still know all the stuff I used to but there's lots of junk stacked on top of it
)
Incidentally there is also a delay built into the wake-up of a system in sleep or hibernation, which can be caused by a mouse vibration, if no activity occurs in a set time, (3 Mins?), the system will go back to sleep /hibernation - This delay did have an entry in the registry so could be adjusted on systems that are prone to this issue but not sure if there is a similar option for the password requirement delay
See this explains it.
But where the hell is that setting gone in this update and why does it seem like that setting has been wiped indefinitely so there is no timeout anymore..
-
See this explains it.
But where the hell is that setting gone in this update and why does it seem like that setting has been wiped indefinitely so there is no timeout anymore..
It's under settings, system, power & sleep. Adjust the sleep timeout to match the screen turn off time.
Under settings, accounts, sign in options is the option to require the computer to ask for a password when waking from sleep. There is no option to ask for password when only turning the screen back on after the it has turned off.
-
See this explains it.
But where the hell is that setting gone in this update and why does it seem like that setting has been wiped indefinitely so there is no timeout anymore..
You'll need to use Screen Saver settings to enable that security feature.
-
Just beat me to it Edwin!!
-
-
Just beat me to it Edwin!!
A collaborative effort!
-